MailGate Support Issues
Q. What can I do to combat the Sircam virus?!?
A. There are a few options, you can choose whichever suits you best...
To integrate Anti-Virus software with MailGate for e-mail protection you can use the MailGate Anti-Virus Extension. This works with Sophos Anti-Virus, and also provides a generic option that can make use of On-Access scanning facilities in most other Anti-Virus products.
If you're looking for a solution that's easy to administer and update, this option makes sense.
Large POP Message Control
Due to the Sircam virus e-mails being around 200k in size, it can be effective to use the MailGate Large POP Message Control facility. Once enabled, any mail over the preset size is left on the ISP's server without being downloaded, a notification e-mail can be sent to the intended recipient and administrator when this occurs. The first 25 lines of the e-mail are downloaded, and this can be checked for the typical Sircam profile. From there you can choose to collect it, or delete it.
- Click on Gateway | Large POP Message Control.
- Set the "Defer collection of POP messages..." field to a value of "180"k.
- Any deferred messages will be listed in the "Deferred messages" field.
- For more information on Large POP Message Control, click on the HELP button.
Mail Manager Extension
The Mail Manager Extension is a rules based mail processor.
You can define a rule to identify the virus by looking for the phrase
"Hi! How are you" in the mail. You can then choose what action you want the
module to take with matched mail - for example, you can automatically
delete or quarantine the message or remove all attachments.
- Double-click on "Mail Manager" in the Extensions branch on the main MailGate window.
- On the "Rules" tab, click the ADD button.
- Name the new rule (e.g. "Virus Check").
- Set the "Message" field to "Hi! How are you".
- Set the "Action#1" drop-down menu to whatever action you wish to use against the mail, and click on the "Settings" button to configure it.
- Click OK when finnished.
As the Sircam virus contains specific text (eg. "Hi! How are you", "I send you this message to seek your advice"), you can use the Spam Filter to detect and treat this as spam.
- Go to the directory where the SpamFilter is installed (usually C:\Program Files\Mailgate\spamfltr).
- In the "Spamfltr" directory you'll find a list of files, find the file named "userpre.sfr".
- Open the file (using notepad), enter the following rule:
#rule "Check mail body for virus phrases"
if BodyMatchesListItem("Virus words") then
- Click File | Save, select "All files(*.*)" from the "Save as type" drop-down list, click the Save button.
- Create a new text file in the same directory, type the following:
*Hi! How are you*
*I send you this message to seek your advice*
- Click File | Save, select "All files(*.*)" from the "Save as type" drop-down list, name the file "Virus words.lst" and click the Save button.
- If you go to the Spam Filter configuration, you should see "Check mail body for virus phrases" in the Rules tab. You can set the priority of this to Highest. Also, you can edit the "Virus words.lst" file and add as many known virus phrases as you like.
Return To FAQ